ERROR: The analysis hit the critical timeout, terminating.

[arulraji]

i set 600 seconds for timeout and still got an error like "ERROR: The analysis hit the critical timeout, terminating." please help us. i share the malware sample also here

fyi attached file is .js extension but i changed to .txt for upload here test.txt

arul-3530@arul-3530:/opt/cuckoo$ python cuckoo.py

                      .:                 
                      ::                 
.-.     ,  :   .-.    ;;.-.  .-.   .-.   

; ; ; ; ;; .' ; ;'; ;' ;;;;'.'..:;.`;;;;'.'`.;;' `;;'

Cuckoo Sandbox 2.0-rc1 www.cuckoosandbox.org Copyright (c) 2010-2015

Checking for updates... Good! You have the latest version available.

2016-11-03 16:02:51,111 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-11-03 16:02:51,308 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2016-11-03 16:02:51,319 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2016-11-03 16:03:14,762 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "s.html" (task #28, options "") 2016-11-03 16:03:14,770 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/11be914fc05c7a631eefd498c14883a7850ee90d45607a3a61777549e391ee11" 2016-11-03 16:03:14,792 [lib.cuckoo.core.scheduler] INFO: Task #28: acquired machine cuckoo (label=cuckoo) 2016-11-03 16:03:14,795 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 32355 (interface=vboxnet0, host=192.168.56.101, pcap=/opt/cuckoo/storage/analyses/28/dump.pcap) tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 65535 bytes 2016-11-03 16:03:18,634 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo, ip=192.168.56.101) 2016-11-03 16:13:25,421 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating. 748 packets captured 748 packets received by filter 0 packets dropped by kernel 2016-11-03 16:13:27,605 [modules.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files. 2016-11-03 16:13:27,611 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources) 2016-11-03 16:13:27,705 [lib.cuckoo.core.scheduler] INFO: Task #28: reports generation completed (path=/opt/cuckoo/storage/analyses/28) 2016-11-03 16:13:27,727 [lib.cuckoo.core.scheduler] INFO: Task #28: analysis procedure completed

[arulraji]

@jbremer please help us

[doomedraven]

use search in issues there are already a lot of tips what it can be, instead of open new issue for the same

[arulraji]

yes i searched and check all possibility like

1. curl and get 50X respone (wen manually start vm)
2. when analyse started, from host machine i ping the vm and also check with netstat command connections are all established.
3. also analyse some 8 bytes files. that also terminated by critical timeout error

[doomedraven]

did you try dev/package branch instead of rc1? as is pretty buggy

[arulraji]

@doomedraven in dev branch also gives same error ERROR: Error from the Cuckoo Guest: The analysis hit the critical timeout, terminating.

[jbremer]

What kind of sample are you submitting? Do you have any more logs?

[arulraji]

i submit js file(https://github.com/cuckoosandbox/cuckoo/files/568771/test.txt) cuckoo.log file cuckoo.txt analysis.log file analysis.txt and empty tlsmaster.txt file i got

And one more doubt, why after analysis completed also the process will not terminate?. It will terminate only the timeout condition reached.

[jbremer]

Your VM is not able to ping back to the Host to report the analysis information, which indicates some error with your network setup. Closing this issue, please re-read our documentation & perform all the other steps people have had with their networking in other Github issues.

[jeandez]

Hello , I have installed the new version 2.0.1 but i am still facing the same issue : error form the Cuckoo Guest : The analysis hit the critical timeout, terminating. guest and host ping each other .

[SparkyNZL]

This isn't unusual, this means that in the timeout value set the malware was still running when.the timeout was hit. Extend the time out, if the malware remains active doing things it will always hit critical timeout

Sent from my spaceship...

On 25/04/2017 8:49 PM, "jeandez" notifications@github.com wrote:

Hello , I have installed the new version 2.0.1 but i am still facing the same issue : error form the Cuckoo Guest : The analysis hit the critical timeout, terminating. guest and host ping each other .

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/cuckoosandbox/cuckoo/issues/1157#issuecomment-296963270, or mute the thread https://github.com/notifications/unsubscribe-auth/AQ_imNhIBTCBTwoPVV6s0WM1KvAck-Hnks5rzbO0gaJpZM4KoP5k .

[jeandez]

So , you think it is normal to have this error even i set the critical timeout to 600 ?

[doomedraven]

it can be normal even with infinite, if process not finish it will raise critical timeout always

[jeandez]

so , could you test this file (eicar pdf) at your side and tell me if the analysis hit the critical timeout: "didierstevens.com/files/data/pdf-doc-vba-eicar-dropper.zip"

[jeandez]

with critical timeout set to 600. Thank you